From: "Bartek W. aka Mastier"
Date: Sat, 21 Jan 2012 11:27:36 +0100
CC: freebsd-pf@freebsd.org
Subject: Re: Maximum throughput ? limit?

On 19.01.2012 17:32, Adam PAPAI wrote:
> Bartek W. aka Mastier wrote:
>
>>>
>> Indeed. The default maximum is 10 000 states as I remember.
>>
>> I.e. one of the main routers in my case. core quad.
>>
>> set limit { states 300000, frags 10000, src-nodes 100000 }
>
> I had the states up to 250000 but the frags and src-nodes were the
> default.
>
> What's your timeout interval?
>
default

# pfctl -st
tcp.first                    30s
tcp.opening                   5s
tcp.established           18000s
tcp.closing                  60s
tcp.finwait                  30s
tcp.closed                   30s
tcp.tsdiff                   10s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start           180000 states
adaptive.end             360000 states
src.track                     0s